Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Xavier Mertens
Threat Level:
green
Date
Author
Title
2024-10-28
Johannes Ullrich
Apple Updates Everything
2024-10-07
Xavier Mertens
macOS Sequoia: System/Network Admins, Hold On!
2024-07-30
Johannes Ullrich
Apple Patches Everything. July 2024 Edition
2024-07-10
Jesse La Grew
Finding Honeypot Data Clusters Using DBSCAN: Part 1
2024-01-22
Johannes Ullrich
Apple Updates Everything - New 0 Day in WebKit
2024-01-19
Xavier Mertens
macOS Python Script Replacing Wallet Applications with Rogue Apps
2023-12-11
Johannes Ullrich
Apple Patches Everything
2023-09-26
Johannes Ullrich
Apple Releases MacOS Sonoma Including Numerous Security Patches
2023-09-11
Johannes Ullrich
Apple fixes 0-Day Vulnerability in Older Operating Systems
2023-09-07
Johannes Ullrich
Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
2023-08-26
Xavier Mertens
macOS: Who?s Behind This Network Connection?
2023-06-22
Johannes Ullrich
Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari
2023-04-07
Johannes Ullrich
Apple Patching Two 0-Day Vulnerabilities in iOS and macOS
2023-03-27
Johannes Ullrich
Apple Updates Everything (including Studio Display)
2022-07-26
Xavier Mertens
How is Your macOS Security Posture?
2022-07-20
Johannes Ullrich
Apple Patches Everything Day
2022-04-20
Brad Duncan
"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-31
Johannes Ullrich
Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,
2022-03-25
Xavier Mertens
XLSB Files: Because Binary is Stealthier Than XML
2022-03-14
Johannes Ullrich
Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
2022-02-10
Johannes Ullrich
iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
2022-01-27
Johannes Ullrich
Apple Patches Everything
2022-01-22
Xavier Mertens
Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2021-12-28
Russ McRee
LotL Classifier tests for shells, exfil, and miners
2021-12-20
Jan Kopriva
PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-02
Brad Duncan
TA551 (Shathak) pushes IcedID (Bokbot)
2021-09-23
Xavier Mertens
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01
Brad Duncan
STRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-06
Xavier Mertens
Malicious Microsoft Word Remains A Key Infection Vector
2021-04-23
Xavier Mertens
Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-12
Guy Bruneau
Microsoft DHCP Logs Shipped to ELK
2021-03-03
Brad Duncan
Qakbot infection with Cobalt Strike
2021-02-25
Daniel Wesemann
Forensicating Azure VMs
2021-02-23
Jan Kopriva
Qakbot in a response to Full Disclosure post
2021-02-05
Xavier Mertens
VBA Macro Trying to Alter the Application Menus
2021-02-03
Brad Duncan
Excel spreadsheets push SystemBC malware
2021-02-02
Xavier Mertens
New Example of XSL Script Processing aka "Mitre T1220"
2021-01-26
Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20
Brad Duncan
Qakbot activity resumes after holiday break
2021-01-14
Bojan Zdrnja
Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2021-01-13
Brad Duncan
Hancitor activity resumes after a hoilday break
2020-12-22
Xavier Mertens
Malware Victim Selection Through WiFi Identification
2020-12-09
Brad Duncan
Recent Qakbot (Qbot) activity
2020-11-20
Xavier Mertens
Malicious Python Code and LittleSnitch Detection
2020-11-09
Xavier Mertens
How Attackers Brush Up Their Malicious Scripts
2020-10-26
Didier Stevens
Excel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14
Brad Duncan
More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-23
Xavier Mertens
Malicious Word Document with Dynamic Content
2020-09-18
Xavier Mertens
A Mix of Python & VBA in a Malicious Word Document
2020-09-10
Brad Duncan
Recent Dridex activity
2020-09-09
Johannes Ullrich
A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2020-08-26
Xavier Mertens
Malicious Excel Sheet with a NULL VT Score
2020-08-19
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-08-07
Brad Duncan
TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-06
Xavier Mertens
A Fork of the FTCode Powershell Ransomware
2020-08-03
Xavier Mertens
Powershell Bot with Multiple C2 Protocols
2020-07-15
Brad Duncan
Word docs with macros for IcedID (Bokbot)
2020-07-11
Guy Bruneau
VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-10
Brad Duncan
Excel spreasheet macro kicks off Formbook infection
2020-07-04
Russ McRee
Happy FouRth of July from the Internet Storm Center
2020-06-12
Xavier Mertens
Malicious Excel Delivering Fileless Payload
2020-06-10
Brad Duncan
Job application-themed malspam pushes ZLoader
2020-06-01
Didier Stevens
XLMMacroDeobfuscator: An Update
2020-05-20
Brad Duncan
Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-05
Guy Bruneau
Maldoc XLS Invoice with Excel 4 Macros
2020-03-29
Didier Stevens
Obfuscated Excel 4 Macros
2020-03-18
Brad Duncan
Trickbot gtag red5 distributed as a DLL file
2020-03-09
Didier Stevens
Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06
Xavier Mertens
A Safe Excel Sheet Not So Safe
2020-02-24
Didier Stevens
Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23
Didier Stevens
Maldoc: Excel 4 Macros in OOXML Format
2020-02-21
Xavier Mertens
Quick Analysis of an Encrypted Compound Document Format
2020-01-22
Brad Duncan
German language malspam pushes Ursnif
2020-01-09
Xavier Mertens
Quick Analyzis of a(nother) Maldoc
2019-12-11
Brad Duncan
German language malspam pushes yet another wave of Trickbot
2019-12-04
Jan Kopriva
Analysis of a strangely poetic malware
2019-10-02
Brad Duncan
A recent example of Emotet malspam
2019-09-26
Rob VandenBrink
Mining MAC Address and OUI Information
2019-09-18
Brad Duncan
Emotet malspam is back
2019-07-08
Didier Stevens
Machine Code? No!
2019-07-04
Didier Stevens
Machine Code?
2019-06-18
Brad Duncan
Malspam with password-protected Word docs pushing Dridex
2019-03-17
Didier Stevens
Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16
Didier Stevens
Maldoc: Excel 4.0 Macros
2019-03-13
Brad Duncan
Malspam pushes Emotet with Qakbot as the follow-up malware
2019-01-24
Brad Duncan
Malspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18
Brad Duncan
Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-27
Xavier Mertens
More obfuscated shell scripts: Fake MacOS Flash update
2018-11-15
Brad Duncan
Emotet infection with IcedID banking Trojan
2018-11-04
Pasquale Stirparo
Beyond good ol' LaunchAgent - part 1
2018-10-21
Pasquale Stirparo
Beyond good ol’ LaunchAgent - part 0
2018-08-24
Xavier Mertens
Microsoft Publisher Files Delivering Malware
2018-06-29
Remco Verhoef
Crypto community target of MacOS malware
2018-05-25
Xavier Mertens
Antivirus Evasion? Easy as 1,2,3
2018-05-23
Remco Verhoef
Track naughty and nice binaries with Google Santa
2018-05-01
Xavier Mertens
Diving into a Simple Maldoc Generator
2017-12-19
Xavier Mertens
Example of 'MouseOver' Link in a Powerpoint File
2017-12-16
Xavier Mertens
Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15
Xavier Mertens
If you want something done right, do it yourself!
2017-09-19
Jim Clausing
New tool: mac-robber.py
2017-02-26
Guy Bruneau
It is Tax Season - Watch out for Suspicious Attachment
2016-09-30
Xavier Mertens
Another Day, Another Malicious Behaviour
2015-02-19
Daniel Wesemann
Macros? Really?!
2014-01-24
Chris Mohan
Security Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117
2013-12-17
Adrien de Beaupre
Apple security updates Mac OS X and Safari
2013-10-22
Richard Porter
Greenbone and OpenVAS Scanner
2013-10-02
John Bambenek
Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-10
Swa Frantzen
Macs need to patch too!
2013-08-09
Kevin Shortt
Copy Machines - Changing Scanned Content
2013-03-02
Scott Fendley
Apple Blocks Older Insecure Versions of Flash Player
2012-07-05
Adrien de Beaupre
New OS X trojan backdoor MaControl variant reported
2012-05-05
Tony Carothers
Vulnerability Exploit for Snow Leopard
2012-04-12
Guy Bruneau
Apple Java Updates for Mac OS X
2012-02-24
Guy Bruneau
Flashback Trojan in the Wild
2012-02-04
Scott Fendley
Apple Security Advisory 2012-001 v1.1
2011-08-05
donald smith
New Mac Trojan: BASH/QHost.WB
2011-06-23
Jim Clausing
Apple Security Updates 2011-004
2011-06-15
Pedro Bueno
Hit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-05-26
Swa Frantzen
MacDefender ups the ante with removing the password need for installation
2011-05-06
Richard Porter
Unpatched Exploit: Skype for MAC
2010-11-16
Guy Bruneau
Mac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452
2010-06-17
Deborah Hale
Digital Copy Machines - Security Risk?
2010-06-15
Manuel Humberto Santander Pelaez
Apple releases advisory for Mac OS X - Multiple vulnerabilities discovered
2010-03-29
Adrien de Beaupre
APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
2010-02-05
Jim Clausing
Memory Analysis - time to move beyond XP
2010-01-12
Adrien de Beaupre
PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-07
Rob VandenBrink
Layer 2 Network Protections – reloaded!
2009-11-09
Guy Bruneau
Apple Security Update 2009-006 for Mac OS X v10.6.2
2009-01-24
Pedro Bueno
Identifying and Removing the iWork09 Trojan
2008-07-17
Mari Nichols
Firefox Releases 3.0.1 and fixes 3 security vulnerabilities
2008-04-30
Bojan Zdrnja
(Minor) evolution in Mac DNS changer malware
2008-04-02
Adrien de Beaupre
When is a DMG file not a DMG file
2006-12-12
Swa Frantzen
Microsoft Office 2004 - Mac OS X updated
2006-11-29
Toby Kohlenberg
New Vulnerability Announcement and patches from Apple
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Make the web a better place by
sharing the SANS Internet Storm Center
with others